Committed to connecting the world

ai-for-good

Question 10/17

​​
Question 10/17 – Identity management architecture and mechanisms
(Continuation of Q10/17)

Motivation

Identity management (IdM) is the management of the life cycle and use (creation, maintenance, utilization, provisioning, and revocation) of credentials, identifiers, attributes, authentication, attestation, and patterns by which entities (e.g., service providers, end-user, social networks, organizations, network devices, applications and services) are known with some level of trust. Depending on the context, multiple identities may exist for a single entity at differing security requirements, and at multiple locations. In public networks, IdM supports trusted information exchange between authorized entities that is based on validation and assertion of identities across distributed systems in a multiple service providers and open service environment. IdM also enables the protection of information and ensures that only authorized information is disseminated. IdM is a key component to the proper operations of telecommunication/ICT networks, e.g. cloud and mobile computing, services, and products because it supports establishing and maintaining trusted communications. It not only supports authentication of an entity’s identity, it also permits authorization of privileges, easy change of privileges when an entity’s role changes, delegation, nomadicity, and other significant identity-based services.

IdM is a critical component in managing network security and enabling the nomadic, on-demand access to networks and e-services that end-users’ expect today. Along with other defensive mechanisms, IdM helps to prevent fraud and identity theft and thereby increases users’ confidence that e-transactions are secure and reliable, e.g. cloud and mobile computing system that are not directly controlled by the user organization.

National/regional specific IdM specifications and solution will exist and continue to evolve. Harmonization of the different national/regional IdM approaches, specifications and solution variants is very important for global communications. In order to accomplish this objective, IdM standards that utilize developer friendly environments, promotes the wide scale development of applications and tools using various web technologies (i.e. HTTP, JSON, OAUTH, OpenID Connect etc.) tools i.e. HTML are needed.

This Question is dedicated to the vision setting and the coordination and organization of the entire range of IdM activities within ITUT. A top-down approach to the IdM will be used with collaboration with other study groups, other standards development organizations (SDOs) and consortia. It is recognized that other Questions will be involved in specific aspects of IdM i.e., protocols, requirements, network device identifiers, etc.
Recommendations and Supplements under responsibility of this Question as of 1 December 2012: X.1250, X.1251, X.1252, X.1253, X.1254, X.1275, and X.Suppl.7.

Texts under development: X.atag, X.authi, X.discovery, X.giim, X.idmcc, X.iamt, X.mob-id, X.oitf, and X.scim-use.
Question

Study items to be considered include, but are not limited to:

  1. What are the functional concepts for a common identity management (IdM) infrastructure?
  2. What is an appropriate IdM model that is independent of network technologies, supports user-centric involvement, represents IdM information and supports the secure exchange of IdM information between involved entities (e.g., users, relying parties and identity providers) based on policies?
  3. What are the components needed to bring social, mobile and enterprise IdM together in way to promote safer transactions?
  4. What are the functional aspects of an IdM graph?
  5.  What are the components of a generic framework and requirements for IdM?
  6.  What are the specific IdM requirements of service providers?
  7. What are requirements, capabilities and possible strategies for achieving interoperability between different IdM systems (e.g., identity assurance, inter-working)?
  8. What are the candidate mechanisms for IdM interoperability to include identifying and defining applicable profiles to minimize interoperability issues?
  9. What are the requirements and mechanisms for protection and disclosure of personally identifiable information (PII)?
  10. What are the requirements to protect IdM systems from cyber attacks?
  11. What IdM capabilities can be used against cyber attacks?
  12. How should IdM be integrated with advanced security technologies?
  13. What unique IdM requirements are associated with cloud computing?
  14. What unique IdM requirements are associated with mobile computing?
  15. How can strong authentication technologies be integrated in IdM systems?

Tasks

Tasks include, but are not limited to:

  1. Specify an IdM framework that supports discovery, policy and trust model, authentication and authorization, assertions, and credential lifecycle management required for IdM.
  2. Define functional IdM architectural concepts to include IdM bridging between networks and among IdM systems taking into account advanced security technologies.
  3. Specify requirements (and propose mechanisms) for identity assurance, and mapping/interworking between different identity assurance methods that might be adopted in various networks. In this context, identity assurance includes identity patterns and reputation.
  4. Define interfaces for interoperability of IdM systems.
  5. Define requirements (and propose mechanisms) for protection and disclosure of identity information.
  6. Define requirements (and propose mechanisms) to protect IdM systems including how to use IdM capabilities as a means for service providers to coordinate and exchange information regarding cyber attacks.
  7. Maintain and coordinate IdM terminology and definitions living list and to continue the on-going work.
  8. Study and define IdM security risks and threats.
  9. Study and define the concept of “world ready” IdM framework.
  10. Study and define the concept of “developer ready” that is simple developer IdM framework to promote a more viral adoption.

Relationships

Recommendations:

  • X- and Y-series

Questions:

  • ITU‑T Questions 1/17, 4/17, 8/17 and 8/13

Study groups:

  • ITU‑T SGs 2, 11, 13 and 16; ITU-D SG1

Standardization bodies:

  • ISO/IEC JTC 1 SCs 6, 27 and 37; IETF; ATIS; ETSI/TISPAN; OASIS; Kantara; OMA; NIST; 3GPP; 3GPP2

Other bodies:

  • Eclipse; InCommon; PRIME; OpenID Foundation; Shibboleth; etc.

 

​​​